
Trojan-Downloader:W32/Agent.BOM


First posted on 13 June 2007.
Source: SecurityHome

Aliases :

Trojan-Downloader:W32/Agent.BOM is also known as Win32/PSW.Delf.NGU, Trojan-Downloader.Win32.Agent.bom, TrojanDownloader:Win32/Small!4002.

Explanation :

Trojan-Downloader:W32/Agent.BOM attempts to download and install other malware into the system.


Once Trojan-Downloader:W32/Agent.BOM has been executed, it will drop a copy of itself in the following folder:


It also drops the following DLL component in the Windows system directory:


Trojan-Downloader:W32/Agent.BOM adds itself as a service to enable its automatic execution at boot.

This is done by adding the following registry entries:

DisplayName "WinWMServiceNow"
ImagePath %Temp%RAVWM.EXE
ObjectName "LocalSystem"
Type dword:00000010
Start dword:00000002
ErrorControl dword:00000000
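
A defender-side check for the service pattern listed above (auto-start, own process, LocalSystem, binary under %Temp%), added here as an example that is not part of the original write-up: it parses a .reg-style export of the Services key and flags matching entries. The service key names, the benign entry and the plain-string ImagePath encoding are constructed for illustration, since the page does not give the service's key name.

```python
import re

# Constructed sample in .reg export style; key names are placeholders. The second
# entry reuses the values listed above (ImagePath kept as a plain string).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleBenignSvc]
"DisplayName"="Example Benign Service"
"ImagePath"="C:\\Windows\\System32\\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Type"=dword:00000020
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExamplePlaceholderSvc]
"DisplayName"="WinWMServiceNow"
"ImagePath"="%Temp%RAVWM.EXE"
"ObjectName"="LocalSystem"
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000000
'''

TEMP_HINTS = ("%temp%", "%tmp%", "\\temp\\", "\\appdata\\local\\temp")

def parse_reg(text):
    """Return {key_path: {value_name: str or int}} from .reg-style text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            if m[2].startswith("dword:"):
                current[m[1]] = int(m[2][6:], 16)
            else:
                current[m[1]] = m[2].strip('"').replace("\\\\", "\\")
    return keys

def suspicious_services(keys):
    """Flag auto-start services (Start=2) whose ImagePath points at a temp location."""
    hits = []
    for path, v in keys.items():
        image = str(v.get("ImagePath", "")).lower()
        if v.get("Start") == 2 and any(h in image for h in TEMP_HINTS):
            hits.append({"service": path.rsplit("\\", 1)[-1], "display": v.get("DisplayName"),
                         "as_system": str(v.get("ObjectName", "")).lower() == "localsystem",
                         "own_process": v.get("Type") == 0x10})
    return hits

if __name__ == "__main__":
    print(suspicious_services(parse_reg(SAMPLE_REG)))
```

Real exports usually encode ImagePath as hex(2) data, which would need decoding before the path test applies.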

The DLL component of Trojan-Downloader:W32/Agent.BOM is injected into LSASS.EXE and is capable of downloading spyware programs as well as sending sensitive information.

Last update 13 June 2007

 
